dhcp snooping enable
Function
The dhcp snooping enable command enables DHCP snooping.
The undo dhcp snooping enable command disables DHCP snooping.
By default, DHCP snooping is disabled on the device.
Format
In the system view:
dhcp snooping enable [ ipv4 | ipv6 | vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> ]
undo dhcp snooping enable [ ipv4 | ipv6 | vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> ]
In the VLAN view, BD view, and interface view:
dhcp snooping enable
undo dhcp snooping enable
Only the S5720-HI, S5730-HI, S6720-HI, S6730-H, S6730S-H, S6730-S, S6730S-S, S5732-H, S5731-S, S5731S-S, S5731S-H, and S5731-H can be configured in the BD view.
Parameters
| Parameter | Description | Value |
|---|---|---|
ipv4 |
Indicates that the device processes only DHCPv4 messages. |
- |
ipv6 |
Indicates that the device processes only DHCPv6 messages. |
- |
vlan { vlan-id1 [ to vlan-id2 ] } |
Enables DHCP snooping in a specified VLAN.
|
The specified VLAN ID must exist. |
Views
System view, VLAN view, Ethernet interface view, GE interface view, XGE interface view, 25GE interface view, MultiGE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, port group view, BD view
Usage Guidelines
Usage Scenario
DHCP snooping is a security function to protect DHCP. When you run the dhcp snooping enable command to enable DHCP snooping on a device, the device can process both DHCPv4 and DHCPv6 messages. In practice, however, if the DHCP snooping device needs to process only DHCPv4 or DHCPv6 messages, you can run the dhcp snooping enable ipv4 or dhcp snooping enable ipv6 command, which improves CPU efficiency.
You must enable DHCP snooping in the system view before enabling DHCP snooping on an interface, in a BD, or in a VLAN.
Prerequisites
DHCP has been enabled globally using the dhcp enable command.
Follow-up Procedure
Run the dhcp snooping trusted command to configure the interface connected to the DHCP server as a trusted interface. A binding table is generated.
Precautions
The dhcp snooping enable command in the system view is the prerequisite for DHCP snooping-related functions. After the undo dhcp snooping enable command is run, all DHCP snooping-related configurations of the device are deleted. After DHCP snooping is enabled again using the dhcp snooping enable command, all DHCP snooping-related configurations of the device are restored to the default configurations.
If you run the dhcp snooping enable command in the VLAN view, the command takes effect for all the DHCP messages from the specified VLAN. If you run the dhcp snooping enable command in the interface view, the command takes effect for all the DHCP messages received on the specified interface.
If both DHCP relay and VRRP are configured on a device, DHCP snooping cannot be configured.
DHCP snooping cannot be enabled if the DHCP server is at the subordinate VLAN side and the DHCP client is at the principle VLAN side.
Example
# Enable DHCP snooping globally and configure the device to process only ipv4 messages.
<HUAWEI> system-view [HUAWEI] dhcp enable [HUAWEI] dhcp snooping enable ipv4
# Enable DHCP snooping on GE 0/0/1.
<HUAWEI> system-view [HUAWEI] dhcp enable [HUAWEI] dhcp snooping enable [HUAWEI] interface gigabitethernet 0/0/1 [HUAWEI-GigabitEthernet0/0/1] dhcp snooping enable
# Enable DHCP snooping in VLAN 100.
<HUAWEI> system-view [HUAWEI] dhcp enable [HUAWEI] dhcp snooping enable [HUAWEI] vlan 100 [HUAWEI-vlan100] dhcp snooping enable
# Enable DHCP snooping in VLANs ranging from VLAN 20 to VLAN 25 in a batch.
<HUAWEI> system-view [HUAWEI] dhcp enable [HUAWEI] dhcp snooping enable [HUAWEI] vlan batch 20 to 25 [HUAWEI] dhcp snooping enable vlan 20 to 25